Article Number: 000201829

Data Protection Advisor: Spring Framework False Positive Security Vulnerability (CVE-2022-22950)

Summary: This article provides a list of security vulnerabilities that cannot be exploited on Data Protection Advisor versions-19.7,19.6,19.5,19.4,19.3,19.2,19.1,18.X or earlier, but which may be identified by security scanners. ...

Article Content

Security Article Type

Security KB

CVE Identifier

CVE-2022-22950

Issue Summary

See the 'Recommendation' section below for details on each CVE.

Recommendations

The vulnerabilities listed in the table below are in order by the date on which Data Protection Advisor Engineering determined that the Data Protection Advisor versions 19.6,19.5,19.4,19.3,19.2,18.X were not vulnerable.

Third-party Component	CVE ID	Summary of Vulnerability	Reason why Product is not Vulnerable	Date Determined False Positive
Spring Framework versions 5.3.0 - 5.3.16	CVE-2022-22950	In Spring Framework versions 5.3.0 - 5.3.16 and earlier unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.	DPA does not use affected SpEL expression class in the Source code.	04 Jul 2022

Data Protection Advisor: Spring Framework False Positive Security Vulnerability (CVE-2022-22950)

Summary: This article provides a list of security vulnerabilities that cannot be exploited on Data Protection Advisor versions-19.7,19.6,19.5,19.4,19.3,19.2,19.1,18.X or earlier, but which may be identified by security scanners. ...

Article Content

Security Article Type

CVE Identifier

Issue Summary

Recommendations

Legal Information

Article Properties

Affected Product

Last Published Date

Version

Article Type

Welcome

Welcome to Dell

Data Protection Advisor: Spring Framework False Positive Security Vulnerability (CVE-2022-22950)

Summary: This article provides a list of security vulnerabilities that cannot be exploited on Data Protection Advisor versions-19.7,19.6,19.5,19.4,19.3,19.2,19.1,18.X or earlier, but which may be identified by security scanners. ... View More View Less

Article Content

Security Article Type

CVE Identifier

Issue Summary

Recommendations

Legal Information

Article Properties

Affected Product

Last Published Date

Version

Article Type

Summary: This article provides a list of security vulnerabilities that cannot be exploited on Data Protection Advisor versions-19.7,19.6,19.5,19.4,19.3,19.2,19.1,18.X or earlier, but which may be identified by security scanners. ...